AZ-104 Study Guide – Azure Basics

Even though I took the Azure Fundamentals exam a long time ago, I think it is always helpful and important to repeat the Azure basics. Believe it or not, a lot of (IT) folks still have to learn the foundations, and hopefully this summary is helpful for some of you.

If you are looking for the full AZ-104 study guide: https://www.cloud13.ch/2023/10/31/az-104-study-guide-microsoft-azure-administrator/ 

Microsoft Datacenters

Microsoft has datacenters around the world. At https://datacenters.microsoft.com/globe/explore you can see and explore Azure’s global infrastructure. The Azure cloud consists of hundreds of unique physical buildings all over the globe that provide compute, storage, networking, and many other services.

Regions

A specific set of datacenters deployed within a latency-defined perimeter is called a region. Each region comes with different pricing and service availability.

Azure services deployed to Azure regions are listed here: https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=all

Paired and Unpaired Regions

Many regions also have a paired region. Paired regions support certain types of multi-region deployment approaches. Some newer regions have multiple availability zones and don’t have a paired region. You can still deploy multi-region solutions into these regions, but the approaches you use might be different.

Regions without a pair will not have geo-redundant storage (GRS). Such regions follow data residency guidelines to allow for the option to keep data resident within the same region. Customers are responsible for data resiliency based on their Recovery Point Objective or Recovery Time Objective (RTO/RPO) needs and may move, copy, or access their data from any location globally. In the rare event that an entire Azure region is unavailable, customers will need to plan for their Cross Region Disaster Recovery.

The table below lists Azure regions without a region pair:

Geography | Region
Qatar | Qatar Central
Poland | Poland Central
Israel | Israel Central
Italy | Italy North
Austria | Austria East (Coming soon)
Spain | Spain Central (Coming soon)

Availability Zones

Each region has multiple availability zones (AZ) which allow customers to distribute their infrastructure and workloads/applications across different datacenters for resiliency and high availability (=reliability) purposes.

[Figure: Screenshot of physically separate availability zone locations within an Azure region.]

Note: If you know which apps do not need 100% high availability during certain periods of time, you can optimize costs during those non-critical periods.

Zonal and Zone-redundant Services

There are two ways that Azure services use availability zones:

  • Zonal resources are pinned to a specific availability zone. You can combine multiple zonal deployments across different zones to meet high reliability requirements. You’re responsible for managing data replication and distributing requests across zones. If an outage occurs in a single availability zone, you’re responsible for failover to another availability zone.

  • Zone-redundant resources are spread across multiple availability zones. Microsoft manages spreading requests across zones and the replication of data across zones. If an outage occurs in a single availability zone, Microsoft manages failover automatically.

Azure services support one or both of these approaches. Platform as a service (PaaS) services typically support zone-redundant deployments. Infrastructure as a service (IaaS) services typically support zonal deployments.

Azure Edge Zones

These small-footprint extensions of Azure are placed in population centers that are far from Azure regions.

Azure public MEC integrates Azure Compute and edge-optimized Azure services with the mobile operator’s public 5G network connectivity. Use the solution to rapidly develop and deliver a broad array of low-latency applications and solve critical business problems at the operator edge.

SLA on Azure

Microsoft commits to defined uptime numbers for different services:

  • 99.99% compute availability monthly. Zone-redundant Azure VMs

  • 99.99% identity availability monthly. Azure Active Directory authentications

  • 99.995% database availability monthly. Zone-redundant Azure SQL deployments

  • 99.99999999999999% object durability annually. Objects in an Azure geo-zone-redundant storage account

  • 100% Azure DNS availability monthly. All valid Azure DNS requests guaranteed to receive a response

More information can be found here: https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1 

Subscriptions, Licenses, Accounts and more

To keep it simple, I’ll copy the information from here: https://learn.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-worldwide 

Organization

An organization represents a business entity that is using Microsoft cloud offerings, typically identified by one or more public Domain Name System (DNS) domain names, such as contoso.com. The organization is a container for subscriptions.

Subscriptions

A subscription is an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue based on either a per-user license fee or on cloud-based resource consumption.

  • Microsoft’s Software as a Service (SaaS)-based cloud offerings (Microsoft 365 and Dynamics 365) charge per-user license fees.
  • Microsoft’s Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) cloud offerings (Azure) charge based on cloud resource consumption.

User Accounts

User accounts for all of Microsoft’s cloud offerings are stored in a Microsoft Entra tenant, which contains user accounts and groups. A Microsoft Entra tenant can be synchronized with your existing Active Directory Domain Services (AD DS) accounts using Microsoft Entra Connect, a Windows server-based service. This is known as directory synchronization.

Summary of the Hierarchy

Here is a quick recap:

  • An organization can have multiple subscriptions

    • A subscription can have multiple licenses

    • Licenses can be assigned to individual user accounts

    • User accounts are stored in a Microsoft Entra tenant

What is Microsoft Entra ID?

Microsoft Entra ID, formerly known as Azure Active Directory (AAD), is a cloud-based identity and access management service that enables your employees to access external resources. Example resources include Microsoft 365, the Azure portal, and thousands of other SaaS applications.

Microsoft has renamed Azure Active Directory (Azure AD) to Microsoft Entra ID for the following reasons: (1) to communicate the multicloud, multiplatform functionality of the products, (2) to alleviate confusion with Windows Server Active Directory, and (3) to unify the Microsoft Entra product family.

[Figure: Diagram showing the new name for Azure AD and Azure AD External Identities.]

Microsoft Entra ID is the new name for Azure AD. The names Azure Active Directory, Azure AD, and AAD are replaced with Microsoft Entra ID.

  • Microsoft Entra is the name for the product family of identity and network access solutions.
  • Microsoft Entra ID is one of the products within that family.
  • Acronym usage is not encouraged, but if you must replace AAD with an acronym due to space limitations, use ME-ID.

Microsoft Entra ID also helps your employees access internal resources like apps on your corporate intranet, and any cloud apps developed for your own organization.

To learn the differences between Active Directory and Microsoft Entra ID, see Compare Active Directory to Microsoft Entra ID.

What are the Microsoft Entra ID licenses?

Microsoft Online business services, such as Microsoft 365 or Microsoft Azure, use Microsoft Entra ID for sign-in activities and to help protect your identities. If you subscribe to any Microsoft Online business service, you automatically get access to Microsoft Entra ID Free.

AZ-104 Study Guide – Microsoft Azure Administrator

I just passed the Azure AI Fundamentals exam a few weeks ago and made the decision to pursue the Microsoft Azure Administrator certification and register for the AZ-104 exam. I always have a plan and use a study guide when I prepare myself for an exam. That is why I am creating and sharing an AZ-104 study guide, because it seems to be one of the hardest “associate” or entry-level certifications right now. My goal is to take the exam in about 6 weeks, at the latest by the end of December 2023.

Note: This approach also helped me to pass the AWS Certified Solutions Architect Associate Exam.

Update: My articles, notes and summaries as part of my preparation can be found here: https://www.cloud13.ch/az-104-study-guide/ 

My Goal

Without having any prior Azure hands-on experience, my goal is to pass the AZ-104 exam first before taking AZ-305 to become a Microsoft certified Azure Solutions Architect Expert.

Exam Overview

As an Azure administrator, you often serve as part of a larger team dedicated to implementing an organization’s cloud infrastructure. You also coordinate with other roles to deliver Azure networking, security, database, application development, and DevOps solutions.

The skills measured are:

  • Manage Azure identities and governance (20–25%)
  • Implement and manage storage (15–20%)
  • Deploy and manage Azure compute resources (20–25%)
  • Implement and manage virtual networking (15–20%)
  • Monitor and maintain Azure resources (10–15%)

Note: Obviously, the exam requires you to have hands-on experience with Microsoft Azure.

Costs: $165 (in Switzerland CHF 216)

Passing score: Technical exam scores are reported on a scale between 1 and 1’000. You need a passing score of 700 or greater.

Important: The English language version of this exam was updated on October 26, 2023.

Schedule Exam: Exam AZ-104: Microsoft Azure Administrator

AZ-104 Study Guide

I am going to use the following resources to prepare myself.

First, I would like to get a quick overview and basic understanding of Microsoft Azure. For that, I will watch John Savill’s technical training on YouTube.

Second, I need to create a free account for Azure.

Third, I am going through the self-paced learning path collection of Microsoft:

Fourth, I am going to use Microsoft’s study guide for AZ-104 but I will map the related MS docs links to each topic, see below.

Note: Please bookmark this study guide since I am going to add/update the links during my journey.

Manage Azure identities and governance (20–25%)

Manage Microsoft Entra users and groups

Manage access to Azure resources

Manage Azure subscriptions and governance

Implement and manage storage (15–20%)

Configure access to storage

Configure and manage storage accounts

Configure Azure Files and Azure Blob Storage

Deploy and manage Azure compute resources (20–25%)

Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files

Create and configure virtual machines

Provision and manage containers in the Azure portal

Create and configure Azure App Service

Implement and manage virtual networking (15–20%)

Configure and manage virtual networks in Azure

Configure secure access to virtual networks

Configure name resolution and load balancing

Monitor and maintain Azure resources (10–15%)

Monitor resources in Azure

Implement backup and recovery

Let’s see in a few weeks if this guide and my preparation were enough to pass the exam. 😀

Good luck!

If you already passed the exam, please share your experience in the comments section!

VMware Explore 2023 US – Day 1 Announcements

VMware Explore 2023 US is currently happening in Las Vegas and I am onsite! Below you will find an overview of the information that was shared with us during the general session and solution keynotes.

Please be aware that this list is not complete but it should include all the major announcements including references and sources.

VMware Aria and VMware Tanzu

Starting this year, VMware Aria and VMware Tanzu form a single track at VMware Explore. VMware introduced the develop, operate, and optimize pillars (DOO) for Aria and Tanzu around April 2023.

[Figure: VMware Tanzu DOO Framework]

The following name changes and adjustments have been announced at VMware Explore US 2023:

  • The VMware Tanzu portfolio includes two new product categories (product family) called “Tanzu Application Platform” and “Tanzu Intelligence Services”.
  • Tanzu Application Platform includes the products Tanzu Application Platform (TAP) and Tanzu for Kubernetes Operations (TKO), and the new Tanzu Application Engine module.
  • Tanzu Intelligence Services – Aria Cost powered by CloudHealth, Aria Guardrails, Aria Insights, and Aria Migration will be rebranded as “Tanzu” and become part of this new Tanzu Intelligence Services category.
    • Tanzu Hub & Tanzu Graph
    • Tanzu CloudHealth
    • Tanzu Guardrails
    • Tanzu Insights (currently known as Aria Insights)
    • Tanzu Transformer (currently known as Aria Migration)
  • Aria Hub and Aria Graph are now called Tanzu Hub
  • VMware Cloud Packs are now called the VMware Cloud Editions (more information below)

Note: VMware expects to implement these changes by Q1 2024 at the latest.

The VMware Aria and Tanzu announcement and rebranding information can be found here.

Tanzu Mission Control

After the announcement that Tanzu Mission Control supports the lifecycle management of Amazon EKS clusters, VMware announced that it is now expanding these lifecycle management capabilities to Microsoft AKS clusters as well.

Tanzu Application Engine (Private Beta)

VMware announced a new solution for the Tanzu Application Platform category.

VMware Tanzu for Kubernetes Operations is introducing Tanzu Application Engine, enhancing multi-cloud support with lifecycle management of Azure AKS clusters, and offering new Kubernetes FinOps (cluster cost) visibility. A new abstraction that includes workload placement, K8s runtime, data services, libraries, infra resources, with a set of policies and guardrails.

The Tanzu Application Engine announcement can be found here.

VMware RabbitMQ Managed Control Plane

I know a lot of customers who built an in-house RabbitMQ cloud service.

VMware just announced a beta program for a new VMware RabbitMQ Managed Control Plane which allows enterprises to seamlessly integrate RabbitMQ within their existing cloud environment, offering flexibility and control over data streaming processes.

What’s New with VMware Aria?

Other Aria announcements can be found here.

What’s New with VMware Aria Operations at VMware Explore

Next-Gen Public Cloud Management with VMware Aria Automation

VMware Cloud Editions

What started as four different VMware Cloud Packs is now known as “VMware Cloud Editions” with five different options:

[Figure: VMware Cloud Editions]

Here’s an overview of the different solutions/subscriptions included in each edition:

[Figure: VMware Cloud Editions Connected Subscriptions]

More VMware Cloud related announcements can be found here.

What’s New in vSphere 8 Update 2

As always, VMware is working on enhancing operational efficiency to make the life of an IT admin easier. And this gets better with the vSphere 8 U2 release.

In vSphere 8 Update 2, we are making significant improvements to several areas of maintenance to reduce and in some cases eliminate this need for downtime so vSphere administrators can make those important maintenance changes without having a large impact on the wider vSphere infrastructure consumers.

These enhancements include reduced downtime upgrades for vCenter, automatic vCenter LVM snapshots before patching and updating, non-disruptive certificate management, and reliable network configuration recovery after a vCenter is restored from backup.

More information about the vSphere 8 Update 2 release can be found here.

What’s New in vSAN 8 Update 2

At VMware Explore 2022, VMware announced the new vSAN 8.0 release, which included the new Express Storage Architecture (ESA) and got even better with the recent vSAN 8.0 Update 1 release.

VMware vSAN Max – Petabyte-Scale Disaggregated Storage

VMware vSAN Max, powered by vSAN Express Storage Architecture, is a new vSAN offering in the vSAN family delivering petabyte-scale disaggregated storage for vSphere. With its new disaggregated storage deployment model, vSAN customers can scale storage elastically and independently from compute and deploy unified block, file, and partner-based object storage to maximize utilization and achieve lower TCO.

[Figure: VMware vSAN Max]

vSAN Max expands the use cases in which HCI can provide exceptional value. Disaggregation through vSAN Max provides flexibility to build infrastructure with the scale and efficiency required for non-linear scaling applications, such as storage-intensive databases, modern elastic applications with large datasets and more. Customers have a choice of deploying vSAN in a traditional model or a disaggregated model with vSAN Max, while still using a single control plane to manage both deployment options.

The vSAN Max announcement can be found here.

VMware Cloud on AWS

VMware announced a VMware Cloud on AWS Advanced subscription tier that will be available on i3en.metal and i4i.metal instance types only. This subscription will include advanced cloud management, networking and security features:

  • VMware NSX+ Services (NSX+ Intelligence, NDR capabilities, NSX Advanced Load Balancer)
  • vSAN Express Storage Architecture Support
  • VMware Aria Automation
  • VMware Aria Operations
  • VMware Aria Operations for Logs

Note: Existing deployments (existing SDDCs) will be entitled to these advanced cloud management, networking and security features over time.

The VMware Cloud on AWS Advanced Subscription Tier FAQ can be found here.

Introduction of VMware NSX+

Last year, VMware introduced Project Northstar as a technology preview:

Project Northstar is a SaaS-based networking and security offering that will empower NSX customers with a set of on-demand multi-cloud networking and security services, end-to-end visibility, and controls. Customers will be able to use a centralized cloud console to gain instant access to networking and security services, such as network and security policy controls, Network Detection and Response (NDR), NSX Intelligence, Advanced Load Balancing (ALB), Web Application Firewall (WAF), and HCX. It will support both private cloud and VMware Cloud deployments running on public clouds and enable enterprises to build flexible network infrastructure that they can spin up and down in minutes.

This year, VMware announced the initial availability of the NSX+ service. VMware NSX+ is a fully managed cloud-based service offering that allows networking, security, and operations teams to consume and operate VMware NSX services from a single cloud console across private and public clouds.

[Figure: NSX+ Architectural Diagram]

The following services are available:

  • NSX+ Policy Management: Provides unified networking and security policy management across multiple clouds and on-premises data centers.
  • NSX+ Intelligence (Tech Preview only): Provides a big data reservoir and a system for network and security analytics for real-time traffic visibility into applications traffic all the way from basic traffic metrics to deep inspection of packets.
  • NSX+ NDR (Tech Preview only): Provides a scalable threat detection and response service offering for Security Operations Center (SOC) teams to triage real-time security threats to their data center and cloud.

There are three different NSX+ and two NSX+ distributed firewall editions available:

  • NSX+ Standard. For organizations needing a basic set of NSX connectivity and security features for single location software-defined data center deployments.
  • NSX+ Advanced. For organizations needing advanced networking and security features that are applied to multiple sites. This edition also entitles customers to VMware NSX+ Advanced Load Balancer Cloud Services.
  • NSX+ Enterprise. For organizations needing all of the capability NSX has to offer. This edition also entitles customers to VMware NSX+ Advanced Load Balancer Cloud Services.
  • NSX+ Distributed Firewall. For organizations needing to implement access controls for east-west traffic within the network (micro-segmentation) but not focused on Threat detection and prevention services.
  • NSX+ Distributed Firewall with Threat Prevention. For organizations needing access control and select Threat prevention features for east-west traffic within the network. 

An NSX+ feature overview can be found here.

Note: Currently, NSX+ only supports NSX on-premises deployments (NSX 4.1.1 or later) and VMware Cloud on AWS.

VMware Cloud Foundation

VMware announced a few innovations for H2 2023, which include support for Distributed Service Engine (DSE aka Project Monterey), vSAN ESA support, and NSX+.

Generative AI – VMware Private AI Foundation with Nvidia

VMware and Nvidia’s CEOs announced VMware Private AI Foundation as the result of their longstanding partnership. 

Built on VMware Cloud Foundation, this integrated solution with Nvidia will enable enterprises to customize models and run generative AI applications, including intelligent chatbots, assistants, search, and summarization.

Anywhere Workspace Announcements

At VMware Explore 2022, VMware shared its vision for autonomous workspaces.

Autonomous workspace is a concept (not an individual product) that is our north star for the future of end-user computing. It means going beyond creating a unified workspace with basic automations, to analyzing huge amounts of data with AI and machine learning, to drive more advanced, context aware automations. This leads to a workspace that can be considered self-configuring, self-healing, and self-securing. 

VMware continued working on the realization of this vision and came up with a lot of announcements, which can be found here.

Other Announcements

Please find below some announcements that VMware shared with us during the SpringOne event or before and after the general session on August 22nd, 2023:

Momentum in the Cloud: Crafting Your Winning Strategy with VMware Cloud

The time is right for VMware Cloud! In the rapidly evolving landscape of modern business, embracing the cloud has become essential for organizations seeking to stay competitive and agile. The allure of increased scalability, cost-efficiency, and flexibility has driven enterprises of all sizes to embark on cloud migration journeys. However, the road to successful cloud adoption often comes with challenges. Slow and failed migrations have given rise to what experts call the “cloud paradox,” where the very technology meant to accelerate progress ends up hindering it.

As businesses navigate through this paradox, finding the right strategy to harness the full potential of the cloud becomes paramount. One solution that has emerged as a beacon of hope in this complex landscape is VMware Cloud. With its multi-cloud approach, which is also known as supercloud, VMware Cloud provides organizations the ability to craft a winning strategy that capitalizes on momentum while minimizing the risks associated with cloud migrations.

The Experimental Phase is Over

Is it really though? The experimental phase was an exciting journey of discovery for organizations seeking the potential of multi-cloud environments. Companies have explored different cloud providers, tested a variety of cloud services, and experimented with workloads and applications in the cloud. It allowed them to understand the benefits and drawbacks of each cloud platform, assess performance, security and compliance aspects, and determine how well each cloud provider aligns with their unique business needs.

The Paradox of Cloud and Choice

With an abundance of cloud service providers, each offering distinct features and capabilities, decision-makers can find themselves overwhelmed with options. The quest to optimize workloads across multiple clouds can lead to unintended complexities, such as increased operational overhead, inconsistent management practices/tools, and potential vendor lock-in.

Furthermore, managing data and applications distributed across various cloud environments can create challenges related to security, compliance, and data sovereignty. The lack of standardized practices and tools in a multi-cloud setup can also hinder collaboration and agility, negating the very advantages that public cloud environments promise to deliver.

Multi-Cloud Complexity

(Public) Cloud computing is often praised for its cost-efficiency, enabling businesses to pay for resources on-demand and avoid capital expenditures on physical infrastructure. However, the cloud paradox reveals that organizations can inadvertently accumulate hidden costs, such as data egress fees, storage overage charges, and the cost of cloud management tools. Without careful planning and oversight, the cloud’s financial benefits might be offset by unexpected expenses.

Why Cloud Migrations are Slowing Down

Failed expectations. The first reasons my customers mention are cost and complexity.

While the cloud offers potential cost savings in the long run, the initial investment and perceived uncertainty in calculating the total cost of ownership can deter some organizations from moving forward with cloud migrations. Budget constraints and difficulties in accurately estimating and analyzing cloud expenses lead to a cautious approach to cloud adoption.

One significant factor impeding cloud migrations is the complexity of the process itself. Moving entire infrastructures, applications, and data to the cloud requires thorough planning, precise execution, and in-depth knowledge of cloud platforms and technologies. Many organizations lack the in-house expertise to handle such a massive undertaking, leading to delays and apprehensions about potential risks.

Other underestimated reasons are legacy systems and applications that have been in use for many years and are often deeply ingrained within an organization’s operations. Migrating these systems to the cloud may require extensive reconfiguration or complete redevelopment, making the migration process both time-consuming and resource-intensive.

Reverse Cloud Migrations

While I don’t advertise a case for repatriation, I would like to share the idea that companies should think about workload mobility, application portability, and repatriation upfront. You can infinitely optimize your cloud spend, but if cloud costs start to outpace your transformation plans or revenue growth, it is too late already.

Embracing a Smart Approach with VMware Cloud

To address the cloud paradox and maximize the potential of multi-cloud environments, VMware is embracing the cloud-smart approach. This approach is designed to empower organizations with a unified and consistent platform to manage and operate their applications across multiple clouds.

VMware Cloud-Smart

  • Single Cloud Operating Model: A single operating model that spans private and public clouds. This consistency simplifies cloud management, enabling seamless workload migration and minimizing the complexities associated with multiple cloud providers.
  • Flexible Cloud Choice: VMware allows organizations to choose the cloud provider that best suits their specific needs, whether it is a public cloud or a private cloud infrastructure. This freedom of choice ensures that businesses can leverage the unique advantages of each cloud while maintaining operational consistency.
  • Streamlined Application Management: A cloud-smart approach centralizes application management, making it easier to deploy, secure, and monitor applications across multi-cloud environments. This streamlines processes, enhances collaboration, and improves operational efficiency.
  • Enhanced Security and Compliance: By adopting VMware’s security solutions, businesses can implement consistent security policies across all clouds, ensuring data protection and compliance adherence regardless of the cloud provider.

Why VMware Cloud?

This year I realized that a lot of VMware customers came back to me because their cloud-first strategy did not work as expected. Costs exploded, migrations were failing, and their project timeline changed many times. Also, partners like Microsoft and AWS want to collaborate more with VMware, because the public cloud giants cannot deliver as expected.

Customers and public cloud providers did not see any value in lifting and shifting workloads from on-premises data centers to the public cloud. Now the exact same people, companies and partners (AWS, Microsoft, Google, Oracle etc.) are back to ask VMware for support and for solutions that can speed up cloud migrations while reducing risks.

This is why I am always suggesting a “lift and learn” approach, which removes pressure and reduces costs.

Organizations view the public cloud as a highly strategic platform for digital transformation. Gartner forecasted in April 2023 that Infrastructure-as-a-Service (IaaS) is going to experience the highest spending growth in 2023, followed by PaaS.

It is said that companies spend most of their money on compute, storage, and data services when using Google Cloud, AWS, and Microsoft Azure. Guess what, VMware Cloud is a perfect fit for IaaS-based workloads (instead of using AWS EC2, Google’s Compute Engine, and Azure Virtual Machine instances)!

Who doesn’t like the idea of cost savings and faster cloud migrations?

Disaster Recovery and FinOps

When you migrate workloads to the cloud, you have to rethink your disaster recovery and ransomware recovery strategy. Have a look at VMware’s DRaaS (Disaster-Recovery-as-a-Service) offering which includes ransomware recovery capabilities as well. 

If you want to analyze and optimize your cloud spend, try out VMware Aria Cost powered by CloudHealth.

Final Words

VMware’s approach is not right for everyone, but it is a future-proof cloud strategy that enables organizations to adapt their cloud strategies as business needs evolve. The cloud-smart approach offers a compelling solution, providing businesses with a unified, consistent, and flexible platform to succeed in multi-cloud environments. By embracing this approach, organizations can overcome the complexities of multi-cloud, unlock new possibilities, and set themselves on a path to cloud success.

And you still get the same access to the native public cloud services.

Supercloud – A Hybrid Multi-Cloud

I thought it was time to finally write a piece about superclouds. Call it supercloud, the new multi-cloud, a hybrid multi-cloud, cross-cloud, or a metacloud. New terms with the same meaning. I may be biased but I am convinced that VMware is in the pole position for this new architecture and approach.

Let me also tell you this: superclouds are nothing new. Some of you believe that the idea of a supercloud is something new, something modern. Some of you may also think that cross-cloud services, workload mobility, application portability, and data gravity are new complex topics of the “modern world” that need to be discussed or solved in 2023 and beyond. Guess what, most of these challenges and ideas have existed for more than 10 years already!

Cloud-First is not cool anymore

There is clear evidence that a cloud-first approach is not cool or the ideal approach anymore. Do you remember about a dozen years ago when analysts believed that local data centers were going to disappear and the IT landscape would only consist of public clouds aka hyperscalers? Have a look at this timeline:

VMware and Public Clouds Timeline

We can clearly see when public clouds like AWS, Google Cloud, and Microsoft Azure appeared on the surface. A few years later, the world realized that the future is hybrid or multi-cloud. In 2019, AWS launched “Outposts”, and Microsoft made Azure Arc and their on-premises Kubernetes offering available only a few years later.

Google, AWS, and Microsoft changed their messaging from “we are the best, we are the only cloud” to “okay, the future is multi-cloud, we also have something for you now”. Consistent infrastructure and consistent operations became almost everyone’s marketing slogan.

As you can also see above, VMware announced their hybrid cloud offering “VMware Cloud on AWS” in 2016, the initial availability came a year after, and it has been generally available since 2018.

From Internet to Interclouds

Before someone coined the term “supercloud”, people were talking about the need for an “intercloud”. In 2010, Vint Cerf, the so-called “Father of the Internet”, shared his opinions and predictions on the future of cloud computing. He was talking about the potential need and importance of interconnecting different clouds.

Cerf already understood about 13 years ago that there’s a need for an intercloud because users should be able to move data/workloads from one cloud to another (e.g., from AWS to Azure to GCP). He was guessing back then that the intercloud problem could be solved around 2015.

We’re at the same point now in 2010 as we were in ’73 with internet.

In short, Vint Cerf understood that the future is multi-cloud and that interoperability standards are key.

There is also a document which shows that NIST had a working group (IEEE P2302) trying to develop “the Standard for Intercloud Interoperability and Federation (SIIF)”. This was around 2011. What did the suggestion look like back then? I found this YouTube video a few years ago with the following sketch:

Intercloud 2012

Workload Mobility and Application Portability

As we can see above, VM or workload mobility was already part of this high-level architecture from the IEEE working group. I also found a paper from NIST called “Cloud Computing Standards Roadmap” dated July 2013 with very interesting sections:

Cloud platforms should make it possible to securely and efficiently move data in, out, and among cloud providers and to make it possible to port applications from one cloud platform to another. Data may be transient or persistent, structured or unstructured and may be stored in a file system, cache, relational or non-relational database. Cloud interoperability means that data can be processed by different services on different cloud systems through common specifications. Cloud portability means that data can be moved from one cloud system to another and that applications can be ported and run on different cloud systems at an acceptable cost.

Note: VMware HCX has been available since 2018 and is still the easiest and probably the most cost-efficient way to migrate workloads from one cloud to another.

It is all about the money

Imagine it is March 2014, and you read the following announcement: Cisco is going big – they want to spend $1 billion on the creation of an intercloud.

Yes, that really happened. Details can be found in the New York Times Archive. The New York Times even mentioned at the end of their article that “it’s clear that cloud computing has become a very big money game”.

In Cisco’s announcement, money had also been mentioned:

Of course, we believe this is going to be good for business. We expect to expand the addressable cloud market for Cisco and our partners from $22Bn to $88Bn between 2013-2017.

In 2016, Cisco retired their intercloud offering, because AWS and Microsoft were, and still are, very dominant. AWS posted $12.2 billion in sales for 2016, Microsoft ended up almost at $3 billion in revenue with Azure.

Remember Cisco’s estimate about the “addressable cloud market”? In 2018, Gartner presented the number of $145B for the worldwide public cloud spend in 2017. For 2023, Gartner forecasted a cloud spend of almost $600 billion.

Data Gravity and Egress Costs

Another topic I want to highlight is “data gravity”, a term coined by Dave McCrory in 2010:

Consider Data as if it were a Planet or other object with sufficient mass. As Data accumulates (builds mass) there is a greater likelihood that additional Services and Applications will be attracted to this data. This is the same effect Gravity has on objects around a planet. As the mass or density increases, so does the strength of gravitational pull. As things get closer to the mass, they accelerate toward the mass at an increasingly faster velocity. Relating this analogy to Data is what is pictured below.

Put data gravity together with egress costs, and one realizes that both limit mobility and/or portability discussions:

Source: https://medium.com/@alexandre_43174/the-surprising-truth-about-cloud-egress-costs-d1be3f70d001

By the way, what happened to “economies of scale”?

The Cloud Paradox

As you should understand by now, topics like costs, lock-in, and failed expectations (technically and commercially) have been discussed for more than a decade already. That is why I highlighted NIST’s sentence above: Cloud portability means that data can be moved from one cloud system to another and that applications can be ported and run on different cloud systems at an acceptable cost.

Acceptable cost.

While the (public) cloud seems to be the right choice for some companies, we now see other scenarios popping up more often: reverse cloud migrations (also called repatriation sometimes).

I have customers who tell me that the exact same VM with the exact same business logic costs between 5 and 7 times more when they moved it from their private to a public cloud.

Let’s park that and cover the “true costs of cloud” another time. 😀

Public Cloud Services Spend

Looking at Vantage’s report, we can see the following top 10 services on AWS, Azure and GCP ranked by the share of costs:

If they are right and the numbers are true for most enterprises, it means that customers spend most of their money on virtual machines (IaaS), databases, and storage.

What does Gartner say?

Let’s have a look at the most recent forecast called “Worldwide Public Cloud End-User Spending to Reach Nearly $600 Billion in 2023” from April 2023:

Gartner April 2023 Public Cloud Spend Forecast

All segments of the cloud market are expected to see growth in 2023. Infrastructure-as-a-service (IaaS) is forecast to experience the highest end-user spending growth in 2023 at 30.9%, followed by platform-as-a-service (PaaS) at 24.1%.

Conclusion

If most companies spend around 30% of their budget on virtual machines and Gartner predicts that IaaS will still grow faster than SaaS or PaaS, a supercloud architecture for IaaS would make a lot of sense. You would have the same technology format, could use the same networking and security policies and existing skills, and would benefit from many other advantages as well.

Looking at the VMware Cloud approach, which allows you to run VMware’s software-defined data center (SDDC) stack on AWS, Azure, Google, and many other public clouds, customers could create a seamless hybrid multi-cloud architecture – using the same technology across clouds.

Other VMware products that fall under the supercloud category would be Tanzu Application Platform (TAP), the Aria Suite, and Tanzu for Kubernetes Operations (TKO) which belong to VMware’s Cross-Cloud Services portfolio.

Final Words

I think it is important that we understand that we are still in the early days of multi-cloud (or when we use multiple clouds).

Customers get confused because it took them years to deploy or move new or existing apps to the public cloud. Now, analysts and vendors talk about cloud exit strategies, reverse cloud migrations, repatriations, exploding cloud costs, and so on.

Yes, a supercloud is about a hybrid multi-cloud architecture and a standardized design for building apps and platforms across clouds. But the most important capability, in my opinion, is the fact that it makes your IT landscape future-ready on different levels with different abstraction layers.

VMware Tanzu Licensing – What’s New?

Last year, VMware gave the Tanzu portfolio a fairly good facelift with all the announcements from VMware Explore 2022. It is clear to me that VMware focuses on multi-cluster and multi-cloud Kubernetes management capabilities (Tanzu for Kubernetes Operations) and a superior developer experience with any Kubernetes on any cloud (Tanzu Application Platform). VMware embraces native public clouds and so it was very exciting for many customers when they announced the lifecycle management of Amazon Elastic Kubernetes Service (EKS) clusters – the direct provisioning and management of EKS clusters with Tanzu Mission Control. But what happened in the last 6 to 9 months since VMware Explore US and Europe? And how do I get parts of the VMware Tanzu portfolio nowadays?

Tanzu Licensing

Let us start with licensing first. In October 2022, VMware made it clear that they do not want to move forward anymore with the Tanzu Basic and Advanced editions, only Tanzu Standard was left. VMware replaced Tanzu Basic with “Tanzu Kubernetes Grid” (TKG), which comes with the following components:

  • vSphere capabilities / K8s Runtime
  • K8s Cluster Lifecycle Management – Cluster API
  • Image Registry – Harbor
  • Container Networking – Antrea/Calico
  • Load Balancing – NSX Advanced Load Balancer
  • Ingress Controller – Contour
  • Observability – Fluent Bit, Prometheus, Grafana
  • Operating System – Photon OS, Ubuntu, bring-your-own node image
  • Data Protection – Velero

Note: Nothing is official yet, but according to this article intended for partners, VMware is going to announce the Tanzu Standard EOA (End of Availability) soon:

…containing updated information on Tanzu Standard entering end of availability (EOA) and the new Tanzu Kubernetes Operations and Tanzu Application Platform partner resources.

Looking at the “Tanzu Explainer” and its changelog from the 5th of May, one can find the following: “Updated to reflect new Tanzu for Kubernetes Operations SKUs”.

Tanzu for Kubernetes Operations Bundles

The Tanzu Explainer on Tech Zone lists the following new bundles/packages for Tanzu for Kubernetes Operations (TKO):

  1. Tanzu for Kubernetes Operations Foundation includes Tanzu Mission Control Advanced and Tanzu Service Mesh Advanced. Two add-on SKUs are available—one adds Antrea Advanced and Aria Operations for Applications, the other adds these plus NSX Advanced Load Balancer Enterprise. Tanzu Kubernetes Grid is not included in this bundle.
  2. Tanzu for Kubernetes Operations includes Tanzu Kubernetes Grid, Tanzu Mission Control Advanced, Tanzu Service Mesh Advanced, Antrea Advanced, and Aria Operations for Applications.
  3. Tanzu for Kubernetes Operations with NSX Advanced Load Balancer includes Tanzu Kubernetes Grid, Tanzu Mission Control Advanced, Tanzu Service Mesh Advanced, Antrea Advanced, Aria Operations for Applications, and NSX Advanced Load Balancer Enterprise.

Note: Since Tanzu Mission Control Standard (TMC) was only sold as part of the Tanzu Standard Edition, we see VMware moving forward with TMC Advanced only. Which is good! But TMC Essentials still comes with vSphere+ and VMC on AWS.

Tanzu Entitlements with vSphere and VMware Cloud Foundation Editions

What about vSphere and VMware Cloud Foundation (VCF)? Let me give you an overview here as well:

  • vSphere+ Standard – No Tanzu entitlements included
  • vSphere+ – Includes TKG and TMC Essentials
  • vSphere Enterprise+ with TKG – Includes TKG
  • VMware Cloud Foundation – All VCF editions have Tanzu Standard included

Note: We do not know yet what the Tanzu Standard EOA means for the Tanzu entitlements with VCF. We need to wait for guidance.

VMware Cloud Packs

In April 2023, VMware introduced new bundles called VMware Cloud Packs and they come in four different flavours:

  1. Compute with Advanced Automation. vSphere+ and Aria Universal Suite Advanced
  2. HCI. vSphere+, vSAN+ Advanced and Aria Universal Suite Standard
  3. HCI with Advanced Automation. vSphere+, vSAN+ Advanced and Aria Universal Suite Advanced
  4. VMware Cloud Foundation. vSphere+, vSAN+ Enterprise, NSX Enterprise Plus, SDDC Manager, Aria Universal Suite Enterprise, Aria Operations for Networks Enterprise add-on

In addition to these four Cloud Packs offerings, customers can get the following add-ons:

  • Data Protection & Disaster Recovery
  • Network Detection and Response
  • Tanzu Mission Control
  • Ransomware Recovery
  • Advanced Load Balancer
  • Workload and Endpoint Security
  • Intrusion Detection and Prevention
  • VDI/Desktops

Note: As you can see, all new cloud packs have TKG included and TMC is an add-on. vCenter Standard is with connected and disconnected subscriptions.

Important: Please note as well that the individual components of the bundles cannot be upgraded independently. Example – Aria Universal Suite Standard as part of the HCI Cloud Pack cannot be upgraded to Aria Universal Suite Enterprise.

Conclusion

VMware is clearly moving in the right direction: They want to simplify their portfolio and improve how customers can consume/subscribe to services. As always, it is going to take a while until they have figured out which bundles and product versions make sense for most of the customers. Be patient. 🙂